All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
This article discusses how major tech companies like Palantir and Anthropic are using fashion and lifestyle products as marketing tools to build their brand image and appear more culturally sophisticated. The piece describes examples such as Palantir selling a $239 branded denim jacket made in Montana and Anthropic taking over a coffee shop, suggesting these companies are attempting to appeal to customers and the public through lifestyle branding rather than traditional tech marketing.
LiteLLM is a proxy server (an intermediary that forwards requests between clients and AI language model APIs) that had a critical vulnerability in versions 1.74.2 through 1.83.6. Two test endpoints allowed users to submit server configurations that could execute arbitrary commands (running any code an attacker wants) on the server itself, as long as they had a valid API key, even a low-privilege one.
PromptHub versions 0.4.9 to before 0.5.4 contain an SSRF vulnerability (server-side request forgery, where an attacker tricks the server into fetching URLs they control). An authenticated endpoint allows users to supply a URL that the server fetches and returns the response, but the security check meant to block private IP addresses (internal network addresses) can be bypassed using alternate IPv6 (internet protocol version 6, the newer internet addressing system) representations. Any registered user can exploit this, or anyone on the internet if registration is enabled.
LiteLLM, a proxy server (intermediary program that forwards requests to different AI APIs) versions 1.81.16 through 1.83.6, has a SQL injection vulnerability (a flaw where attackers insert malicious code into database queries by manipulating user inputs). An unauthenticated attacker could craft a fake Authorization header to read or modify data stored in the proxy's database, potentially gaining unauthorized access to stored API credentials.
LiteLLM is a proxy server (a middleman that forwards requests to AI language model APIs) that had a security flaw in versions 1.80.5 through 1.83.6 in its POST /prompts/test endpoint. This endpoint took user-supplied prompt templates and ran them without sandboxing (isolating them in a restricted environment), allowing attackers with valid API keys to execute arbitrary code (running any commands they want) on the server, potentially stealing secrets like API keys or database passwords.
Major AI chatbots like ChatGPT, Gemini, Grok, and Claude have safety features designed to prevent them from producing harmful content such as hate speech, criminal instructions, and exploitation material. However, people called 'AI jailbreakers' deliberately try to bypass these safety restrictions, and journalist Jamie Bartlett explores why they do this and what it reveals about how large language models (AI systems trained on huge amounts of text data) actually work.
The utcp-http plugin has a security flaw called SSRF (server-side request forgery, where an attacker tricks a server into making unwanted requests on their behalf) that lets attackers redirect the tool to access internal systems. An attacker can host a fake OpenAPI specification (a standard format describing API endpoints) on a legitimate HTTPS server, but include instructions to access internal addresses like cloud metadata servers. The plugin didn't properly validate these addresses before making requests, allowing attackers to expose sensitive data or internal services to the LLM.
Cloudflare's stock dropped 18% after the company announced it would cut 1,100 employees (20% of its workforce) because agentic AI (AI systems that can autonomously plan and execute tasks) has fundamentally changed what jobs the company needs. Despite beating earnings expectations with strong revenue growth of 34% year-over-year, CEO Matthew Prince stated that the company's AI usage increased over 600% in three months as it shifts to an AI-first operating model, making many current roles obsolete.
CVE-2026-35435 is a vulnerability in Azure AI Foundry M365 published agents where improper access control (weak rules about who can access what) allows an unauthorized attacker to gain higher privileges over a network. A CVSS score (a 0-10 rating of how severe a vulnerability is) has not yet been provided by NIST.
CVE-2026-33111 is a command injection vulnerability (where an attacker inserts malicious commands into user input) in Copilot Chat for Microsoft Edge that could allow an unauthorized attacker to disclose information over a network. The vulnerability stems from improper handling of special characters in commands. No severity score has been assigned yet by NIST.
CVE-2026-32207 is a cross-site scripting vulnerability (XSS, where an attacker injects malicious code into a web page that gets executed in users' browsers) in Azure Machine Learning that allows an unauthorized attacker to perform spoofing (impersonating someone or something else) over a network. The vulnerability stems from improper handling of user input during web page generation.
CVE-2026-26164 is a vulnerability in Microsoft 365 Copilot caused by improper neutralization of special elements in output (a type of injection attack, where specially crafted input can be misinterpreted as commands). An attacker without authorization could exploit this to access and disclose information over a network.
CVE-2026-26129 is a vulnerability in Microsoft 365 Copilot where improper neutralization of special elements (failure to safely handle certain characters or code) allows an unauthorized attacker to disclose information over a network. The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 4.0, indicating moderate severity.
OpenAI announced GPT-5.5-Cyber, a specialized version of its latest AI model designed for cybersecurity teams, which is being released in limited preview to vetted partners. Unlike the standard GPT-5.5 model, this version has relaxed safety restrictions to make it easier for security professionals to use it for tasks like vulnerability identification (finding weaknesses in software), patch validation (checking if security updates work), and malware analysis (studying malicious software). This release comes one month after rival Anthropic launched Claude Mythos, a similar AI tool also restricted to select cybersecurity organizations.
i18nextify is a JavaScript library that enables website internationalization (support for multiple languages) through a simple script tag. Versions before 3.0.5 have a URL-injection vulnerability (where attackers can manipulate URLs by injecting special characters) because the library doesn't properly validate language and namespace values before using them in web requests, allowing attackers to exploit this if an application accepts user input for language selection.
Ollama, a popular framework for running AI models locally, has a critical vulnerability (CVE-2026-7482, called Bleeding Llama) that allows attackers to steal sensitive data like passwords, chat messages, and system secrets from over 300,000 exposed servers. The flaw lets unauthenticated attackers upload a specially crafted file that tricks Ollama into reading memory beyond its intended boundaries, and the vulnerability is easy to exploit because Ollama has no authentication enabled by default.
This is a brief announcement of llm-gemini version 0.31, posted by Simon Willison on May 7, 2026. The content appears to be metadata and navigation elements from a blog or news site covering developments in large language models (LLMs, AI systems trained on vast amounts of text data) and Google's Gemini AI model, rather than detailed technical information about the release itself.
Fix: This issue has been patched in version 1.83.7. Users should upgrade to version 1.83.7 or later.
Source: NVD/CVE Database
Fix: Update to version 0.5.4 or later, which includes a patch for this vulnerability.
Source: NVD/CVE Database
Fix: Update to version 1.83.7 or later, where this issue has been patched.
Source: NVD/CVE Database
Fix: Upgrade to version 1.83.7 or later. According to the source: 'This issue has been patched in version 1.83.7.'
Source: NVD/CVE Database
Fix: Upgrade to utcp-http version 1.1.2. The patch adds a new security function called `ensure_secure_url()` that properly validates hostnames (not just string patterns) against a list of allowed addresses, and this validation is now performed both when manually registering tools and right before making requests. Users unable to upgrade should avoid calling `register_manual()` with any untrusted URLs and restrict outbound network access from the agent host to block access to internal addresses (RFC1918 private ranges, 169.254.0.0/16, and loopback addresses).
Source: GitHub Advisory Database
Fix: This issue has been fixed in version 3.0.5. If users cannot upgrade immediately, they can work around the issue by sanitising lng / ns before they reach i18next by stripping .., /, \, ?, #, %, whitespace, and control characters, and by capping the length.
Source: NVD/CVE Database
Fix: Users should update to Ollama version 0.17.1, which includes a patch for this vulnerability. Additionally, deploy an authentication proxy or API gateway (a security layer that controls access) in front of all Ollama instances and never expose them to the internet without IP access filters and firewalls. If your Ollama server was internet-accessible, assume environment variables and secrets in memory may be compromised and rotate API keys, tokens, and credentials immediately. On local networks, Ollama servers should be isolated on secure network segments and behind firewalls.
Source: CSO Online
French prosecutors have escalated their investigation of Elon Musk and his social network X into a criminal probe, focusing on allegations of algorithmic manipulation (using computer programs to influence user feeds and information), spreading of nonconsensual sexually explicit deepfake images (synthetic media created without consent), and Holocaust denial content on X's AI chatbot Grok. Musk and former X CEO Linda Yaccarino were summoned to appear in April but declined to do so, and similar investigations are underway in other countries and by California authorities.
Google's Chrome browser automatically downloaded and installed Gemini Nano, a local AI model (an AI that runs directly on your computer rather than in the cloud) taking up about 4 GB of space, without clear user notification. Many users were unaware of this installation until recent reports highlighted the issue, raising concerns about transparency in how tech companies roll out AI features.
Fix: To disable Gemini Nano, open Chrome on your computer, click the 'More' menu (three vertical dots) in the top right corner, go to Settings, then System, and toggle 'On-device AI' to off. According to Google, "Once disabled, the model will no longer download or update." However, the source notes that directly uninstalling the file from the directory will cause Chrome to silently redownload it when the browser restarts, so using the settings toggle is the proper method. Be aware that disabling this feature will prevent certain security functions like on-device scam detection from working.
Source: Wired (Security)
AI agent frameworks like Semantic Kernel, LangChain, and CrewAI let AI models control tools and plugins (software add-ons that perform actions like running scripts or accessing databases), but researchers discovered that prompt injection (tricking an AI by hiding instructions in its input) can turn into RCE (remote code execution, where an attacker runs commands on a system they don't own). Two critical vulnerabilities in Microsoft's Semantic Kernel (CVE-2026-25592 and CVE-2026-26030) could allow attackers to execute code on a host machine through malicious prompts.
Fix: The source states that the two vulnerabilities in Semantic Kernel "have since been fixed" but does not provide specific patch versions, mitigation steps, or technical details on how to address the vulnerabilities. The text mentions "responsible disclosure" and working with maintainers but does not explicitly describe how to patch or mitigate these issues. N/A -- no explicit mitigation or patch version details discussed in source.
Source: Microsoft Security Blog